Slow at startup


xlokis

My computer is slow at startup. I have cleaned out spyware, but there is probably still some nasty stuff left.

Two Trojans found: Trojan.Win32.Small.fb and Trojan-Downloader.Win32.Agent.uj

I have not tried this support before, but here is the log.

Janne

 

Logfile of HijackThis v1.99.1

Scan saved at 09:20:49, on 2006-08-14

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Telia\TELIAS~1\backweb\7836882\Program\SERVIC~1.EXE

C:\Program\ewido anti-malware\ewidoctrl.exe

C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\fsgk32st.exe

C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\FSGK32.EXE

C:\Program\Telia\Telias Sakerhetstjanster\backweb\7836882\program\fsbwsys.exe

C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\fssm32.exe

C:\Program\Telia\Telias Sakerhetstjanster\Common\FSMA32.EXE

C:\Program\Telia\Telias Sakerhetstjanster\Common\FSMB32.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Program\Telia\Telias Sakerhetstjanster\Common\FCH32.EXE

C:\Program\Telia\Telias Sakerhetstjanster\Common\FAMEH32.EXE

C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\fsqh.exe

C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\fsrw.exe

C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\fsav32.exe

C:\Program\Telia\Telias Sakerhetstjanster\FWES\Program\fsdfwd.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\Program\Labtec\Mouse\2.1\moffice.exe

C:\Program\Labtec\Media Keyboard\V5.0\KbdAp32A.exe

C:\Program\Labtec\Mouse\2.1\MOUSE32A.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program\CyberLink\PowerDVD\PDVDServ.exe

C:\Program\Telia\Telias Sakerhetstjanster\Common\FSM32.EXE

C:\Program\Telia\TELIAS~1\ANTI-S~1\fsaw.exe

C:\Program\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\Program\QuickTime\qttask.exe

C:\Program\Telia\Telias Sakerhetstjanster\FSGUI\fsguidll.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program\Java\jre1.5.0_06\bin\jusched.exe

C:\Program\Delade filer\Real\Update_OB\realsched.exe

C:\Program\Microsoft ActiveSync\wcescomm.exe

C:\Program\MSN Messenger\msnmsgr.exe

C:\Program\MICROS~4\rapimgr.exe

C:\Program\Telia\Telias Sakerhetstjanster\backweb\7836882\Program\fspex.exe

C:\Program\DTV\Yakumo QuickStick Basic DVB-T\RC.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Documents and Settings\Janne\Mina dokument\Virus\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = NOT USED (OK)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = NOT USED (OK)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsidan.telia.se/

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program\Labtec\Mouse\2.1\moffice.exe

O4 - HKLM\..\Run: [LWBKEYBOARD] C:\Program\Labtec\Media Keyboard\V5.0\KbdAp32A.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RemoteControl] C:\Program\CyberLink\PowerDVD\PDVDServ.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program\Telia\Telias Sakerhetstjanster\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program\Telia\Telias Sakerhetstjanster\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program\Telia\Telias Sakerhetstjanster\FSGUI\FSSW.EXE" /reboot

O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [zSPGuard] c:\program\pjw\spguard\spguard.exe /s /r

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [dmupq.exe] C:\WINDOWS\system32\dmupq.exe

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program\Microsoft ActiveSync\wcescomm.exe"

O4 - HKCU\..\Run: [KillAndClean] "C:\Program\KillAndClean\KillAndClean.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background

O4 - Startup: RC.exe.lnk = C:\Program\DTV\Yakumo QuickStick Basic DVB-T\RC.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: MSWin.exe

O4 - Global Startup: Telias säkerhetstjänster.lnk = C:\Program\Telia\Telias Sakerhetstjanster\backweb\7836882\Program\fspex.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: &Blockera detta popup-fönster - C:\Program\Telia\Telias Sakerhetstjanster\Anti-Spyware\blockpopups.htm

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program\MICROS~4\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program\MICROS~4\INetRepl.dll

O9 - Extra 'Tools' menuitem: Skapa mobilfavorit... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program\MICROS~4\INetRepl.dll

O9 - Extra button: IE-sköld - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program\Telia\Telias Sakerhetstjanster\Anti-Spyware\ieshield.dll

O9 - Extra 'Tools' menuitem: IE-sköld... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program\Telia\Telias Sakerhetstjanster\Anti-Spyware\ieshield.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O15 - Trusted Zone: http://www.sf-anytime.com

O16 - DPF: {230C3D02-DA27-11D2-8612-00A0C93EEA3C} (SAXFile FileUpload ActiveX Control) - http://82.99.38.123/SAXFile/saxfile.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109fd.bay109.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab

O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-secure.com/ols/fscax.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{665B0FFE-40BC-4AA0-B64F-89F7D6AD9033}: NameServer = 85.255.115.34,85.255.112.63

O17 - HKLM\System\CCS\Services\Tcpip\..\{9DAFE7CD-977E-47A0-9269-F1B563707CEF}: NameServer = 85.255.115.34,85.255.112.63

O17 - HKLM\System\CCS\Services\Tcpip\..\{DC1B98E5-8249-494D-9F5B-8BB92218F4E9}: NameServer = 85.255.115.34,85.255.112.63

O17 - HKLM\System\CCS\Services\Tcpip\..\{DFD0BF9D-A950-490F-BEE2-F9D84C2293A2}: NameServer = 85.255.115.34,85.255.112.63

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.34 85.255.112.63

O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.115.34 85.255.112.63

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.34 85.255.112.63

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\Program\MSNMES~1\msgrapp.dll" (file missing)

O23 - Service: Telias säkerhetstjänster (BackWeb Plug-in - 7836882) - BackWeb Technologies Inc. - C:\Program\Telia\TELIAS~1\backweb\7836882\Program\SERVIC~1.EXE

O23 - Service: ewido security suite control - ewido networks - C:\Program\ewido anti-malware\ewidoctrl.exe

O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corporation - C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\fsgk32st.exe

O23 - Service: fsbwsys - F-Secure Corp. - C:\Program\Telia\Telias Sakerhetstjanster\backweb\7836882\program\fsbwsys.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program\Telia\Telias Sakerhetstjanster\FWES\Program\fsdfwd.exe

O23 - Service: FSMA - F-Secure Corporation - C:\Program\Telia\Telias Sakerhetstjanster\Common\FSMA32.EXE

O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 

 

 

 


Uninstall via the Control Panel, if found:

KillAndClean

Check whether there are updates for Ewido.

Download FixWareout to the desktop:

http://downloads.subratam.org/Fixwareout.exe

http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe

Create a new folder on C:\ and place HijackThis.exe there, i.e. C:\HjT\HijackThis.exe

Scan with Hijack, check the following lines, close the web browser and click Fix checked:

 

O4 - HKLM\..\Run: [dmupq.exe] C:\WINDOWS\system32\dmupq.exe

O4 - HKCU\..\Run: [KillAndClean] "C:\Program\KillAndClean\KillAndClean.exe"

O4 - Global Startup: MSWin.exe

O17 - HKLM\System\CCS\Services\Tcpip\..\{665B0FFE-40BC-4AA0-B64F-89F7D6AD9033}: NameServer = 85.255.115.34,85.255.112.63

O17 - HKLM\System\CCS\Services\Tcpip\..\{9DAFE7CD-977E-47A0-9269-F1B563707CEF}: NameServer = 85.255.115.34,85.255.112.63

O17 - HKLM\System\CCS\Services\Tcpip\..\{DC1B98E5-8249-494D-9F5B-8BB92218F4E9}: NameServer = 85.255.115.34,85.255.112.63

O17 - HKLM\System\CCS\Services\Tcpip\..\{DFD0BF9D-A950-490F-BEE2-F9D84C2293A2}: NameServer = 85.255.115.34,85.255.112.63

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.34 85.255.112.63

O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.115.34 85.255.112.63

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.34 85.255.112.63

 

 

Then run Fixwareout.exe and follow the instructions.

If your firewall complains, allow it to access the internet.

When it has finished running, boot into safe mode and delete, if found:

MSWin.exe

C:\Program\KillAndClean\ < the folder

After that, still in safe mode, scan and clean with Ewido and save the log.

Then boot normally and post a new Hijack log, the Ewido log and C:\fixwareout\report.txt

 


Some work got in the way, but here is the log

Jee

Fixwareout ver 1.003

Last edited 8/11/2006

Post this report in the forums please

 

Reg Entries that were deleted

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}5E0D28BB2283-221B-7524-798E-CB95B3AD{

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}33C4DD3097A5-56B9-A674-BAB3-6F8E079B{

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}C22B123CD1F2-D399-E504-26EA-89363D6C{

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}49549F17B3CE-9718-2F04-345A-75A44213{

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}C854F48B3F42-FFDB-4BF4-FE57-75338D4E{

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}A0603E452283-99BA-3334-75F9-98190025{

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}58C92681E863-5389-1E54-63AF-44204A6A{

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\qpumd

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\swen

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\ogol

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\eno

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\llun

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\owt

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\eerht

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\ruof

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\evif

...

 

Random Runs removed from HKLM

...

 

PLEASE NOTE, There WILL be LEGITIMATE FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

 

»»»»» Searching by size/names...

 

»»»»»

Search five digit cs, dm and jb files.

This WILL/CAN also list Legit Files, Submit them at Virustotal

 

Other suspects.

Directory of C:\WINDOWS\system32

{52009189-9F57-4333-AB99-382254E3060A}.exe

 

»»»»» Misc files.

 

»»»»» Checking for older varients covered by the Rem3 tool.

 

 


The log from Hijack

Logfile of HijackThis v1.99.1

Scan saved at 12:42:18, on 2006-08-15

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Telia\TELIAS~1\backweb\7836882\Program\SERVIC~1.EXE

C:\Program\ewido anti-malware\ewidoctrl.exe

C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\fsgk32st.exe

C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\FSGK32.EXE

C:\Program\Telia\Telias Sakerhetstjanster\backweb\7836882\program\fsbwsys.exe

C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\fssm32.exe

C:\Program\Telia\Telias Sakerhetstjanster\Common\FSMA32.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Program\Telia\Telias Sakerhetstjanster\Common\FSMB32.EXE

C:\Program\Telia\Telias Sakerhetstjanster\Common\FCH32.EXE

C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\fsqh.exe

C:\Program\Telia\Telias Sakerhetstjanster\Common\FAMEH32.EXE

C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\fsrw.exe

C:\WINDOWS\system32\fxssvc.exe

C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\fsav32.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program\Telia\Telias Sakerhetstjanster\FWES\Program\fsdfwd.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\Program\Labtec\Media Keyboard\V5.0\KbdAp32A.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program\CyberLink\PowerDVD\PDVDServ.exe

C:\Program\Telia\Telias Sakerhetstjanster\Common\FSM32.EXE

C:\Program\Telia\TELIAS~1\ANTI-S~1\fsaw.exe

C:\Program\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\Program\QuickTime\qttask.exe

C:\Program\Java\jre1.5.0_06\bin\jusched.exe

C:\Program\Delade filer\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program\Microsoft ActiveSync\wcescomm.exe

C:\Program\Telia\Telias Sakerhetstjanster\FSGUI\fsguidll.exe

C:\Program\MICROS~4\rapimgr.exe

C:\Program\MSN Messenger\msnmsgr.exe

C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Program\Telia\Telias Sakerhetstjanster\backweb\7836882\Program\fspex.exe

C:\Program\DTV\Yakumo QuickStick Basic DVB-T\RC.exe

C:\Virus\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = NOT USED (OK)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = NOT USED (OK)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsidan.telia.se/

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program\Labtec\Mouse\2.1\moffice.exe

O4 - HKLM\..\Run: [LWBKEYBOARD] C:\Program\Labtec\Media Keyboard\V5.0\KbdAp32A.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RemoteControl] C:\Program\CyberLink\PowerDVD\PDVDServ.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program\Telia\Telias Sakerhetstjanster\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program\Telia\Telias Sakerhetstjanster\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program\Telia\Telias Sakerhetstjanster\FSGUI\FSSW.EXE" /reboot

O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [zSPGuard] c:\program\pjw\spguard\spguard.exe /s /r

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program\Microsoft ActiveSync\wcescomm.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background

O4 - Startup: RC.exe.lnk = C:\Program\DTV\Yakumo QuickStick Basic DVB-T\RC.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Telias säkerhetstjänster.lnk = C:\Program\Telia\Telias Sakerhetstjanster\backweb\7836882\Program\fspex.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: &Blockera detta popup-fönster - C:\Program\Telia\Telias Sakerhetstjanster\Anti-Spyware\blockpopups.htm

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program\MICROS~4\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program\MICROS~4\INetRepl.dll

O9 - Extra 'Tools' menuitem: Skapa mobilfavorit... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program\MICROS~4\INetRepl.dll

O9 - Extra button: IE-sköld - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program\Telia\Telias Sakerhetstjanster\Anti-Spyware\ieshield.dll

O9 - Extra 'Tools' menuitem: IE-sköld... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program\Telia\Telias Sakerhetstjanster\Anti-Spyware\ieshield.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O15 - Trusted Zone: http://www.sf-anytime.com

O16 - DPF: {230C3D02-DA27-11D2-8612-00A0C93EEA3C} (SAXFile FileUpload ActiveX Control) - http://82.99.38.123/SAXFile/saxfile.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109fd.bay109.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab

O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-secure.com/ols/fscax.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{DC1B98E5-8249-494D-9F5B-8BB92218F4E9}: NameServer = 85.255.115.34,85.255.112.63

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\Program\MSNMES~1\msgrapp.dll" (file missing)

O23 - Service: Telias säkerhetstjänster (BackWeb Plug-in - 7836882) - BackWeb Technologies Inc. - C:\Program\Telia\TELIAS~1\backweb\7836882\Program\SERVIC~1.EXE

O23 - Service: ewido security suite control - ewido networks - C:\Program\ewido anti-malware\ewidoctrl.exe

O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corporation - C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\fsgk32st.exe

O23 - Service: fsbwsys - F-Secure Corp. - C:\Program\Telia\Telias Sakerhetstjanster\backweb\7836882\program\fsbwsys.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program\Telia\Telias Sakerhetstjanster\FWES\Program\fsdfwd.exe

O23 - Service: FSMA - F-Secure Corporation - C:\Program\Telia\Telias Sakerhetstjanster\Common\FSMA32.EXE

O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 

 

The log from Ewido

ewido anti-malware - Scan report

---------------------------------------------------------

 

+ Created on: 12:35:12, 2006-08-15

+ Report-Checksum: 54C45019

 

+ Scan result:

 

No infected objects found.

 

 

::Report End

 

The computer is still slow at startup.

I did not find the KillAndClean folder; I seem to recall that I uninstalled that program.

However, I got an error report about moffice.exe, which could not start when the computer restarted?

 


Scan with Hijack, check the following line, close the web browser and click Fix checked:

 

O17 - HKLM\System\CCS\Services\Tcpip\..\{DC1B98E5-8249-494D-9F5B-8BB92218F4E9}: NameServer = 85.255.115.34,85.255.112.63

 

 

Then delete, if found:

 

C:\WINDOWS\system32

{52009189-9F57-4333-AB99-382254E3060A}.exe

 

After that the logs are OK.

You can Google these and, via msconfig and autostart, disable those that are not important for the system; that will make startup faster.

 

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program\Labtec\Mouse\2.1\moffice.exe

O4 - HKLM\..\Run: [LWBKEYBOARD] C:\Program\Labtec\Media Keyboard\V5.0\KbdAp32A.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RemoteControl] C:\Program\CyberLink\PowerDVD\PDVDServ.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [zSPGuard] c:\program\pjw\spguard\spguard.exe /s /r

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program\Microsoft ActiveSync\wcescomm.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background

O4 - Startup: RC.exe.lnk = C:\Program\DTV\Yakumo QuickStick Basic DVB-T\RC.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE
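
The before/after comparison done by eye in this thread can be scripted. The following Python is an added example, not part of any post here and not code from HijackThis or Fixwareout: it parses HijackThis entries, checks which lines marked for "Fix checked" still appear in a later log, and lists the NameServer values of the O17 entries. The function names are hypothetical and the embedded logs are abbreviated excerpts of the two logs posted above.

```python
import re

# Lines the helper asked to fix, copied from the first log in this thread
# (abbreviated: four of the seven O17 entries).
FIX_REQUESTED = r"""
O4 - HKLM\..\Run: [dmupq.exe] C:\WINDOWS\system32\dmupq.exe
O4 - HKCU\..\Run: [KillAndClean] "C:\Program\KillAndClean\KillAndClean.exe"
O4 - Global Startup: MSWin.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{665B0FFE-40BC-4AA0-B64F-89F7D6AD9033}: NameServer = 85.255.115.34,85.255.112.63
O17 - HKLM\System\CCS\Services\Tcpip\..\{DC1B98E5-8249-494D-9F5B-8BB92218F4E9}: NameServer = 85.255.115.34,85.255.112.63
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.34 85.255.112.63
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.34 85.255.112.63
"""

# Abbreviated excerpt of the first log: header, one ordinary entry, then the fix list.
BEFORE = ("Logfile of HijackThis v1.99.1\n"
          + r"O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE"
          + FIX_REQUESTED)

# Abbreviated excerpt of the second log (after Fixwareout and the first fix).
AFTER = r"""Logfile of HijackThis v1.99.1
C:\WINDOWS\Explorer.EXE
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{DC1B98E5-8249-494D-9F5B-8BB92218F4E9}: NameServer = 85.255.115.34,85.255.112.63
"""

# An entry line is a section code (R0, F2, O4, O17, ...) followed by " - ".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
O17_RE = re.compile(r"^(?P<key>.+?): NameServer = (?P<servers>.+)$")


def parse_entries(log_text):
    """Return (code, body) tuples; header and process-list lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def remediation_status(fix_requested, after_log):
    """Split the entries marked for fixing into removed and still-present ones.

    Comparison is an exact match on the entry text, so an entry that came
    back under a different name or path is not detected here.
    """
    after = set(parse_entries(after_log))
    status = {"removed": [], "persisting": []}
    for entry in parse_entries(fix_requested):
        status["persisting" if entry in after else "removed"].append(entry)
    return status


def o17_nameservers(log_text):
    """Map each O17 registry location to the tuple of NameServer addresses."""
    result = {}
    for code, body in parse_entries(log_text):
        match = O17_RE.match(body) if code == "O17" else None
        if match:
            # HijackThis prints the list comma- or space-separated.
            result[match.group("key")] = tuple(
                re.split(r"[,\s]+", match.group("servers").strip()))
    return result


if __name__ == "__main__":
    for code, body in remediation_status(FIX_REQUESTED, AFTER)["persisting"]:
        print("still present:", code, "-", body)
    for key, servers in o17_nameservers(AFTER).items():
        print("NameServer at", key, "->", ", ".join(servers))
```
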

 

 

 
